Data protection information for suppliers

Data protection information for suppliers

pursuant to Art. 13, 14 and 21 of the General Data Protection Regulation GDPR

Data protection is an important issue for our company. In the following, you can find information how your data is processed and which rights you have.

1. Who is responsible for data protection and who can you contact?

ESA Elektroschaltanlagen Grimma GmbH, Broner Ring 30 in D-04668 Grimma

Phone: +49 3437 9211 0 / Fax: +49 3437 9211 26 / E-mail:

2. Contact data of the data protection officer

3. Processing purposes and legal basis

Your personal data is processed according to the provisions of the General Data Protection Regulation (GDPR), Federal Data Protection Act FDPA and other relevant data protection regulations. The process and use of the individual data depends on the service agreed upon and ordered. You can find further details and information about the processing purposes in our contract documents, forms, declarations of consent and other documents provided to you (e. g. on our website or in the General Terms and Conditions).

3.1 Declaration of consent (Art. 6 para. 1 point a GDPR)

If you have given your consent with the processing of personal data, the respective declaration of consent is the legal basis for the therein mentioned processing. You can revoke declarations of consent at any time for the future.

3.2 Performance of contractual obligations (Art. 6 para. 1 point b GDPR)

We process your personal data for the execution of our contracts with you in particular in the scope of our order processing and use of services. Furthermore, your personal data is processed for the implementation of measures and activities within the framework of pre-contractual relationships.

3.3 Compliance with legal obligations (Art. 6 para. 1 point c GDPR)

We process your personal data if this is required for the fulfiment of legal obligations (e. g. commercial and tax laws). This data includes particularly:

The fulfilment of fiscal inspection duties and reporting obligations as well as archiving of data for the purpose of data protection and the data safety and the audit by tax and other authorities.

In addition to this, the disclosure of personal data may be required in the context of official/legal measures for the purpose of taking of evidence, prosecution or enforcement of civil law claims.

3.4 Public interest (Art. 6 para. 1 point e GDPR)

We process your personal data if it is necessary for the performance of a task carried out in the public interest.

3.5 Legitimate interest by us or third parties (Art. 6 para. 1 point f GDPR)

We can also use your personal data on the basis of balancing of interests for the preservation of the legitimate interest by us or third parties. This is made for the following purposes:

  • for advertisement or market research if you have not objected to the use of your data.
  • for obtaining information and data exchange with credit agencies if this exceeds our economic risks.
  • for the limited storing of your data if deleting it is not possible or only with disproportionate high effort.
  • for comparison with European and international anti-terror lists if this exceeds the legal obligations.
  • for the further development of services and products as well as existing systems and processes.
  • for the disclosure of personal data in the scope of due diligence e. g. in case of a company sale.
  • for the enrichment of our data by use of research of publicly accessible data.
  • for statistic assessments or for market analyses.
  • for benchmarking.
  • for the assertion of legal claims and defence in case of legal disputes which are directly attributable to the contractual relationship.
  • for the development of scoring systems or automated decision processes.
  • for internal and external audits and/or safety inspections.
  • for the possible monitoring or recording of phone calls for quality assurance and for training purposes.
  • for certifications of issues under private law or of authorities.
  • for the assurance and perception of our domiciliary right by respective measures (e. g. video surveillance).

4. Categories of personal data processed by us

The following data is processed:

  • personal data (name, nationality, job/sector and comparable data)
  • contact data (address, e-mail address, phone number and comparable data)
  • payment confirmation/cover note for bank and credit cards
  • information about your financial situation (credit worthiness data, i. e. data for the assessment of the economic risk)
  • supplier history

We process personal data legally received by third parties (e. g. address publishers, credit agencies) if this is necessary for the performance of our service.

5. Who receives your data?

We pass your personal data within our company to the departments which need this data for the performance of the contractual and legal obligations resp. for the implementation of our legitimate interest.

In addition, the following bodies may receive your data:

  • order processors engaged by us (Art. 28 GDPR) in particular in the section of IT services (e. g. logistics and print services, external data centres, support/maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation resp. plausibility check, data destruction, purchase/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, settlement, telephony, website management, audit services, credit institutes, printing plants or companies for data removal, courier services)
  • public authorities and institutions in case of existing legal or official obligations under which we are obliged to disclose, report or pass on data or the passing of data is in public interest
  • authorities and institutions due to our legitimate interest or the legitimate interest of the third party for purposes mentioned under clause 3.5 (e. g. authoritites, credit agencies, debt collection, lawyers, experts, group companies and bodies and supervisory bodies)
  • other bodies for which you have provided your consent for data transfer

6. Transfer of your data to third countries or an international organisation

Data is not processed outside the EU resp. the EEA.

7. How long is your data stored?

If required, we process the personal data for the period of our business relationship, this also includes the initiation and processing of a contract.

In addition, we are subject to various storage and documentation obligations which result from the German Commercial Code (HGB) and the Tax Code (AO), among others. The periods for storage and/or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship..

Ultimately, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) can generally be three years, but in certain cases also up to thirty years.

8. To what extent is there automated decision making in individual cases (including profiling)?

We do not use purely automated decision-making procedures in accordance with Article 22 GDPR. Should we use these procedures in individual cases we will inform you of this separately provided that this is required by law.

9. Your rights in data protection

You have the right to information pursuant to Art. 15 GDPR, the right to correction pursuant to Art. 16 GDPR, the right to cancellation pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDPR and the right to data transferability pursuant to Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR). In principle, you have the right of objection to the processing of personal data by us in accordance with Article 21 GDPR. However, this right of objection only applies in the event of very special circumstances of your personal situation, whereby our company’s rights may conflict with your right of objection. If you wish to assert any of these rights, please contact our data protection officer (

10. Extent of your obligations to provide us with your data

You only have to provide the data which is needed for the initiation and performance of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this information, we will usually not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the data.

11. Information about your right to object Art. 21 GDPR

You have the right to object at any time to the processing of your data on the basis of Art. 6 para. 1 point f GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 point e GDPR (data processing in the public interest), if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection can be sent informally to the address listed under point 1.

12. Your right of appeal to the competent supervisor authority

You have the right of appeal to the data protection authority (Art. 77 GDPR). The competent supervisor authority for us is:

Saxon Data Protection Officer, Devrient Straße 1, D-01067 Dresden

Broner Ring 30, 04668 Grimma
Telefon: +49 3437 9211 0
Telefax: +49 3437 9211 26